Update on ASP.NET Vulnerability
Earlier this week I posted about an ASP.NET Vulnerability , and followed this up with another blog post that covers some Frequently Asked Questions about it. We are actively working on releasing a security update that fix the issues, and our teams have been working around the clock to develop and test a fix that is ready for broad distribution across all Windows platforms via Windows Update. I’ll post details about this once it is available. Revised Workaround and Additional URLScan Step In my first blog post I covered a workaround you can apply immediately on your sites and applications to prevent attackers from exploiting it. Today, we are revising it to include an additional defensive measure. This additional step can be done
Read More...
Read the complete post at http://weblogs.asp.net/scottgu/archive/2010/09/24/update-on-asp-net-vulnerability.aspx